Impact
An attacker can construct a URL to the user edit page (<your instance>/admin/user/edit) with query parameters containing JavaScript. The attacker can then trick the victim into opening the URL, potentially compromising the session ID.
Patches
The issue has been fixed in v0.26.1
Workarounds
- Upgrade to v0.26.1 ASAP
- As a standard security practice, do not open malicious links
References
PoC in #289, thanks to @bararchy